SonarCloud Webhook Failing with “Server Unreachable” Despite Publicly Accessible Jenkins Endpoint

SonarQube Cloud
,
1
  • ALM used
    • Bitbucket
  • CI system used
    • Jenkins
  • Error observed
    • SonarCloud analysis completes successfully, but the webhook delivery fails with Response: Server Unreachable
    • As a result, Jenkins never receives the webhook and the pipeline timesout with following step.

waitForQualityGate abortPipeline: true

  • Webhook configured in SonarCloud → Organization → Administration → Webhooks
  • Jenkins endpoint is reachable from public internet.
curl -v -X POST https://jenkins.cybus.dev/sonarqube-webhook/ \
  -H "Content-Type: application/json" \
  -d '{"ping":"sonarcloud"}'
Note: Unnecessary use of -X or --request, POST is already inferred.
* Host jenkins.cybus.dev:443 was resolved.
* IPv6: (none)
* IPv4: 18.195.54.182, 3.70.139.149
*   Trying 18.195.54.182:443...
* Connected to jenkins.cybus.dev (18.195.54.182) port 443
* ALPN: curl offers h2,http/1.1
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
*  CAfile: /etc/ssl/certs/ca-certificates.crt
*  CApath: /etc/ssl/certs
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.2 (IN), TLS handshake, Certificate (11):
* TLSv1.2 (IN), TLS handshake, Server key exchange (12):
* TLSv1.2 (IN), TLS handshake, Server finished (14):
* TLSv1.2 (OUT), TLS handshake, Client key exchange (16):
* TLSv1.2 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.2 (OUT), TLS handshake, Finished (20):
* TLSv1.2 (IN), TLS handshake, Finished (20):
* SSL connection using TLSv1.2 / ECDHE-RSA-AES128-GCM-SHA256 / prime256v1 / rsaEncryption
* ALPN: server accepted h2
* Server certificate:
*  subject: CN=jenkins.cybus.dev
*  start date: Apr  2 00:00:00 2025 GMT
*  expire date: May  2 23:59:59 2026 GMT
*  subjectAltName: host "jenkins.cybus.dev" matched cert's "jenkins.cybus.dev"
*  issuer: C=US; O=Amazon; CN=Amazon RSA 2048 M02
*  SSL certificate verify ok.
*   Certificate level 0: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 1: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
*   Certificate level 2: Public key type RSA (2048/112 Bits/secBits), signed using sha256WithRSAEncryption
* using HTTP/2
* [HTTP/2] [1] OPENED stream for https://jenkins.cybus.dev/sonarqube-webhook/
* [HTTP/2] [1] [:method: POST]
* [HTTP/2] [1] [:scheme: https]
* [HTTP/2] [1] [:authority: jenkins.cybus.dev]
* [HTTP/2] [1] [:path: /sonarqube-webhook/]
* [HTTP/2] [1] [user-agent: curl/8.5.0]
* [HTTP/2] [1] [accept: */*]
* [HTTP/2] [1] [content-type: application/json]
* [HTTP/2] [1] [content-length: 21]
> POST /sonarqube-webhook/ HTTP/2
> Host: jenkins.cybus.dev
> User-Agent: curl/8.5.0
> Accept: */*
> Content-Type: application/json
> Content-Length: 21
>
< HTTP/2 400
< date: Thu, 20 Nov 2025 16:43:09 GMT
< content-type: text/html;charset=iso-8859-1
< content-length: 485
< server: Jetty(12.0.25)
< x-content-type-options: nosniff
< cache-control: must-revalidate,no-cache,no-store
<
<html>
<head>
<meta http-equiv="Content-Type" content="text/html;charset=ISO-8859-1"/>
<title>Error 400 Invalid JSON Payload</title>
</head>
<body><h2>HTTP ERROR 400 Invalid JSON Payload</h2>
<table>
<tr><th>URI:</th><td>/sonarqube-webhook/</td></tr>
<tr><th>STATUS:</th><td>400</td></tr>
<tr><th>MESSAGE:</th><td>Invalid JSON Payload</td></tr>
<tr><th>SERVLET:</th><td>Stapler</td></tr>
</table>
<hr/><a href="https://jetty.org/">Powered by Jetty:// 12.0.25</a><hr/>

</body>
</html>
* Connection #0 to host jenkins.cybus.dev left intact
Sonar Community Roundup, November 22 - November 28
2

Hi,

Welcome to the community and thanks for this report!

We’re looking into this.

 
Ann

3

Hi @Arshad_Zameer,

I am not able to reach your server from my local machine.

ping https://jenkins.cybus.dev
ping: cannot resolve https://jenkins.cybus.dev: Unknown host

Are you sure that it is indeed reachable from outside your network?

4

Hi Tom,

Thank you for checking on this. We have only opened tcp port 443.

arshad@Mac ~ $ ping https://jenkins.cybus.dev
ping: cannot resolve https://jenkins.cybus.dev: Unknown host
arshad@Mac ~ $ nc -zv jenkins.cybus.dev 443
Connection to jenkins.cybus.dev port 443 [tcp/https] succeeded!
1 Like
5

Facing the same issue, webhooks have been failing to deliver since November 18th (at ~1AM EST) to a publicly reachable Jenkins server with “Server Unreachable”. No changes were made on my side, and it affected multiple separate jenkins servers at the same time.

6

We have a webhook configured in our organization that posts to a self-hosted Jenkins instance. The hooks are failing with “Server unreachable” yet if I manually post the payload via Postman to the same URL it works fine.

The last successfully sent webhook was November 18th at 02:14

7

Hi all,

Welcome to the community and thanks for these reports, @MarkMcCulloh and @tb00-cloud!

We released a new version of the Jenkins plugin on the 18th. Are your servers set to auto-update (e.g., via yum-cron , unattended-upgrades , or pulling the latest Docker tag)?

 
Thx,
Ann

8

Hi again all,

We’re now investigating this as a network issue on our side. Hopefully I’ll have more for you soon.

 
Ann

9

Hi all,

We’ve deployed a fix. Can you all please re-check this?

 
Thx!
Ann

10

HI again,

One more thing. In addition to the new Jenkins plugin version on the 18th, it seems we also changed the address from which webhooks are called. So if you’ve set up an explicit allow-list of IPs you might need to update your list.

The current info is in the docs.

Sorry for the churn here.

 
Ann

11

Hey thank you for the responses, webhooks appear to be delivering successfully now.

As for the jenkins plugin, if you are referring to SonarQube Scanner, there are no recent updates since January

1 Like
12

Thank you for the update, everything works now.

15

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.